Kuala Lumpur-based startup Zetrix AI is targeting 1 million users across Southeast Asia for its autonomous AI agent, Avatar, by the end of 2026 — part of a regional race to deploy agentic systems before regulators have written the rules governing them. Malaysia’s main legal instrument, the Personal Data Protection Act 2010 as amended in 2024, addresses data use broadly but contains no AI-specific product requirements, leaving significant governance gaps for autonomous systems that access messages, calendars, and financial records on behalf of users.
The EU AI Act entered into force on 1 August 2024, with the first prohibitions applying from 2 February 2025 — but Southeast Asia’s regulatory timeline is far less defined. The real story is not one startup’s ambition; it is that the region is becoming a live test bed for autonomous AI systems with compliance frameworks still catching up.
C.Z. Wong is 23 years old, holds the title of chief AI officer at Zetrix AI, and believes artificial intelligence will be mainstream within five years — whether people want it or not. His product, Avatar, is an autonomous agent designed to act as a digital alter ego: filling out forms, managing social media replies for influencers, and ultimately negotiating with other AI agents on behalf of its users, requiring human input only at the final decision point. The company’s goal is 1 million active users across Southeast Asia before December 31, 2026.
That ambition sits inside a much larger dynamic. Southeast Asia is emerging as a deployment market for agentic AI at a moment when the governance frameworks that would normally constrain such systems — on consent, data retention, cross-border transfer, and accountability — are either incomplete or untested in enforcement. The buried question in Zetrix’s pitch deck is the same one regulators in Kuala Lumpur, Jakarta, and Bangkok are only beginning to ask: when an AI agent acts on your behalf and gets it wrong, who is responsible?
For Western companies with regional operations or customer bases in Malaysia, the Philippines, or Vietnam, that question is no longer theoretical.
RELATED
The details
Avatar is built on an architecture that goes well beyond a conversational interface. The agent interprets a user’s request, decomposes it into sub-tasks, calls external tools or other agents, retrieves and processes data, and escalates only the final output for human approval. That autonomy is precisely what makes it commercially attractive — and what makes it a different category of compliance risk than a standard chatbot.
Malaysia’s primary legal framework is the Personal Data Protection Act 2010, overseen by the Department of Personal Data Protection under the Communications Ministry. The 2024 amendment — with key provisions entering force in stages from 2025 — introduced a mandatory data breach notification regime, but the law’s architecture centres on seven data-protection principles, registration duties, and restrictions on sensitive-data processing and cross-border transfers. It contains no AI-specific product rules. Under the amended PDPA, cross-border personal data transfers are restricted unless the receiving jurisdiction appears on the minister’s approved list or another legal exception applies — a provision with direct relevance to any agent that routes user data through cloud infrastructure outside Malaysia.
Megan Donovan, a research analyst at International Data Corporation, has noted that across the Asia-Pacific region, agentic and generative AI spending is shifting from experimentation to production, particularly in customer operations and enterprise workflows — a transition that compresses the window between deployment and the compliance obligations that deployment triggers.
The EU AI Act, which entered into force on 1 August 2024, establishes a risk-based regime imposing transparency, governance, and documentation duties on AI providers, with stricter requirements for higher-risk applications and general-purpose models. Charla Berthelsen, director of artificial intelligence governance at the International Association of Privacy Professionals, has assessed that companies deploying AI agents now face a growing compliance burden around training data, user profiling, and human oversight — obligations that apply regardless of where the deploying company is headquartered if it touches EU users. Zetrix’s 1 million-user target does not specify geographic boundaries within Southeast Asia, which means the EU exposure question is live from day one. For a broader look at how AI agents are already reshaping consumer-facing industries, the deployment of AI trip planners by Booking.com and Expedia illustrates how quickly agentic tools move from novelty to embedded infrastructure — and how pricing and data dynamics shift when they do.
| Jurisdiction | Primary instrument | AI-specific rules | Key date |
|---|---|---|---|
| Malaysia | Personal Data Protection Act 2010 (amended 2024) | None — general data-protection principles apply | Breach notification regime: staged from 2025 |
| European Union | EU AI Act | Risk-based tiers; transparency, governance, documentation duties | In force: 1 August 2024; first prohibitions: 2 February 2025 |
| China | Multiple instruments including Generative AI Measures (2023) | Content controls, training-data rules, state oversight | Generative AI rules: 15 August 2023 |
The competitive landscape behind the deployment race
The global AI agent market is fracturing into two distinct layers. The first is frontier model development, where OpenAI, Google, Anthropic, Microsoft, and Meta continue to set the pace from the United States, while Baidu, Alibaba, Tencent, and ByteDance are building domestic alternatives in China under tighter state oversight. The second layer — and the one where Southeast Asian firms believe they can compete — is the interface and distribution layer: who owns the agent that sits between the user and the underlying model.
Southeast Asia has no homegrown frontier model leader. What it does have is a distribution opportunity: hundreds of millions of users across Indonesia, Malaysia, Vietnam, the Philippines, and Thailand who want localised assistants for commerce, customer service, and creator tools. The competitive risk for regional startups is not that they cannot build fast enough — it is that U.S. and Chinese platforms will bundle agent features into existing super-app and productivity ecosystems before independent agents can establish switching costs.
The enforcement signal to watch is Malaysia’s PDPA penalty cases under the amended data law, expected to emerge across 2025–2026. If the Department of Personal Data Protection pursues public enforcement actions against AI-era data processing, it signals a tighter operating environment for agentic products. If no cases materialise, expect a growth-first deployment environment to persist — which would accelerate regional adoption but widen the accountability gap that Berthelsen and others have flagged. Enterprise procurement deals with regional telcos, banks, or super-apps — also expected by end-2026 — will reveal whether AI agents are moving from demonstration products to mass-market workflows.
Beyond the headline
The bigger picture
This is what AI diffusion looks like before the rulebook is finished: startups are racing to make agents indispensable while governments are still treating the technology through general data-protection law. Malaysia’s amended PDPA was not designed with autonomous multi-step agents in mind, and neither were the equivalent frameworks in Indonesia, Vietnam, or the Philippines. That gap is where the next wave of regional winners will try to establish themselves — and where the next wave of liability cases will eventually originate.
The reach
For companies with operations in Malaysia or customers across Southeast Asia, the practical issue is governance, not just innovation. Agentic tools that ingest employee, client, or consumer data can simultaneously trigger compliance obligations, vendor-review demands, and cross-border transfer scrutiny in multiple jurisdictions. A Western firm deploying an AI agent for customer operations in Kuala Lumpur is not just making a technology procurement decision — it is making a data-liability decision under at least two legal regimes at once.
Our take
The hype around AI agents is running well ahead of the institutional guardrails. That does not make the category fake; it makes it fragile. The first real competitive moat in this space will not be built on autonomy or speed to a million users — it will be built on trust, auditability, and data discipline. Zetrix may be moving fast, but the startup that wins Southeast Asia’s agent market will be the one that can demonstrate accountability when something goes wrong, not just capability when everything goes right.
What this means for businesses operating in Southeast Asia
With agentic AI moving from pilot projects to production deployments across Malaysia, Indonesia, and Vietnam before region-specific regulatory frameworks are in place, Western companies face concrete decisions on vendor selection, data governance, and compliance exposure right now.
- Audit your vendor’s data architecture before signing. Any AI agent tool deployed in Malaysia must comply with the Personal Data Protection Act 2010 as amended. Review how the vendor handles cross-border data transfers — the PDPA restricts transfers to non-approved jurisdictions. The full framework is published by the Department of Personal Data Protection.
- Map your EU exposure before deploying regionally. If your agent tool touches any EU-resident users — employees, customers, or partners — the EU AI Act and GDPR apply simultaneously with local law. The EU AI Act‘s risk-based obligations have been in force since August 2024; high-risk use cases face documentation and human-oversight requirements that most current agentic products do not yet satisfy by default.
- Track Malaysia’s enforcement pipeline through 2026. The amended PDPA‘s mandatory breach notification regime is now active. Public penalty cases — or their absence — will define the practical operating environment for agentic AI in Malaysia over the next 12 to 18 months. Assign someone to monitor the Department of Personal Data Protection’s enforcement announcements.
- Treat agent procurement as a liability decision, not just a technology decision. When an AI agent takes an incorrect action across a chain of automated steps — routing a payment, sending a client communication, accessing a document — accountability is unclear under current frameworks. Contracts with AI vendors should specify indemnification, audit rights, and incident response obligations before deployment, not after.
- Watch the telco and super-app partnership announcements. If major regional platforms in Malaysia, Indonesia, or the Philippines announce enterprise agent integrations by end-2026, the market will consolidate rapidly around those distribution channels. Companies evaluating independent agent vendors should factor that timeline into any multi-year procurement decision.
